Google (and now Yahoo and perhaps others) have gone to Google's OAuth2 protocol for email authentication. Despite their labeling other protocols as "less secure", OAuth2 is really no more secure* than more traditional methods (sending username and password), but does provide them some internal benefits in that it allows you to use your Google or Yahoo account to log into other sites like Facebook, Microsoft, Twitter, etc.

You can set your Thunderbird to use the Oauth2 authentication if you choose via the "Authentication method" item under Server Settings.

Or, you can tell Google/Yahoo to accept traditional non-Oauth2 authentication methods by logging into your Google/Yahoo account using a web browser and going to your Security settings. Enable "Allow apps that use less secure sign in".